After discovering an unexpected vulnerability in an audited smart contract, Virtuals Protocol issued a timely fix and re-launched its bug bounty program. On December 3, 2024, a security researcher going by the pseudonym Jinu contacted Virtuals Protocol after discovering a vulnerability in a contract he had audited. However, after reporting the issue, Jinu learned that the company did not have a bug bounty program activated, meaning that the discovery was not eligible for a bounty. Virtuals Protocol confirmed the white hat bug discovery. Although Virtuals Protocol has promptly fixed the vulnerability, it has not yet announced a bug bounty for Jinu. In a message to the researcher, the company thanked Jinu for reporting the issue and apologized for the previous communication misunderstanding.